Skip to main content
TrustRadius
Salt Security API Protection Platform

Salt Security API Protection Platform

Overview

What is Salt Security API Protection Platform?

For API-driven organizations, Salt Security is an API security platform that protects internal, external, and third-party APIs. The Salt C-3A Context-based API Analysis Architecture combines coverage and AI-powered big data todiscover APIs and exposed sensitive data - continuous and automatic discoverystop attackers…

Read more

Learn from top reviewers

Return to navigation

Product Details

What is Salt Security API Protection Platform?

For API-driven organizations, Salt Security is an API security platform that protects internal, external, and third-party APIs. The Salt C-3A Context-based API Analysis Architecture combines coverage and AI-powered big data to
  • discover APIs and exposed sensitive data - continuous and automatic discovery
  • stop attackers in their tracks - block attackers by integrating with inline devices
  • provide remediation insights - for developers to improve API security posture

According to the vendor the Salt Platform differs from WAFs and API gateways, that cover only some APIs and operate on a narrow, single-transaction perspective, and is designed to understand the full context of APIs and users to provide complete security across the full API lifecycle.

The Salt platform deploys out of band, with no agents, and runs in cloud, on-premise and traditional or container/Kubernetes environments.

Salt Security API Protection Platform Features

  • Supported: discovery of APIs and exposed sensitive data
  • Supported: attack prevention
  • Supported: remediation insights

Salt Security API Protection Platform Competitors

Salt Security API Protection Platform Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesUS, EMEA, Asia Pac
Supported LanguagesEnglish

Salt Security API Protection Platform Customer Size Distribution

Consumers0%
Small Businesses (1-50 employees)0%
Mid-Size Companies (51-500 employees)35%
Enterprises (more than 500 employees)65%
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews From Top Reviewers

(1-5 of 5)

If you really need to secure your APIs then you need Salt

Rating: 9 out of 10
April 14, 2022
JM
Vetted Review
Verified User
Salt Security API Protection Platform
1 year of experience
We use Salt to have a realistic view of the entire API infrastructure and possible threats to which these APIs are being subjected. We were able to have a faster and more appropriate response to potential attacks that use APIs as an attack vector. Salt addresses the need to have visibility and control over what APIs we have and how these APIs are being consumed. I consider Salt a precious platform for security teams considering the massive and constant increase in the use of APIs in the architecture of new applications.
  • Detect possible attacks on APIs
  • Gain visibility into all APIs in your infrastructure
Cons
  • Access to requests and responses from all APIs (baseline), not only those related to attacks
Salt is highly recommended for anyone who wants to discover, monitor and protect their APIs against various types of attacks. Salt should not be used as a SIEM.
  • Constant monitoring and alert for possible attacks based on API consumption baseline
  • Salt can positively impact the API availability SLA by helping to accelerate the detection of attacks that can compromise the availability of your infrastructure.

Detailed Attacks information and good sensitive data flow control

Rating: 8 out of 10
April 12, 2022
MA
Vetted Review
Verified User
Salt Security API Protection Platform
1 year of experience
Use Case: Identify anomalies and support incident response. Salt Security API Protection Platform security is integrated with SOC/SIEM tools, reporting the found attacks in order to investigate and respond. The purpose is to have a faster incident response and provide data that supports attacks investigations and sensitive data flow control.
  • Sensitive data mapping
  • Detailed Attacks Reporting
  • Integration with SOC/SIEM tools
Cons
  • The platform could have more options for exporting detailed data from attackers' dashboards.
  • The Attackers dashboard could also have more options of filters in order to support the investigations of the attack.
  • The OAS analysis could present a more detailed view of the found issues.
Useful for detailing attacks and showing the sensitive data flow on APIs.
  • Detailed Attacks information
  • Integration with SOC/SIEM Tools
  • Senstive data control
  • Salt Security API Protection Platform has provided detailed information that is helping us to identify and investigate attacks in our environment

API Security made easy with Salt [Security API Protection Platform]

Rating: 10 out of 10
August 24, 2021
TW
Vetted Review
Verified User
Salt Security API Protection Platform
1 year of experience
We have deployed Salt [Security API Protection Platform] across the entire enterprise to have better visibility around all of our APIs. This is including several different cloud architectures and both in house and 3rd party applications. Salt [Security API Protection Platform] has helped us inventory our APIs and see any attacks and type of data being accessed through these APIs.
  • Easy deployment
  • Excellent visibility into activity on APIs
  • Inventory! It helps you find things you didn't know you had
Cons
  • Some customized deployments can be difficult
  • Reporting functionality across the enterprise and not just per environment needs improved
  • Better attack handling options needed
Easy deployment for common cloud API architectures, so it's very easy to at least get visibility into what you have. In house developed apps with a custom infrastructure could be a difficult integration.
  • Inventory
  • API monitoring
  • SDLC integration
  • The inventory of API assets and volume of calls was not available previously
We tried controls offered by the IaaS providers but these were hard to manage and did not provide the visibility we wanted. We also protected APIs with a normal WAF but this was only helpful for assets we knew about and API attacks were not caught by the WAF.

API traffic compliance and security visibility

Rating: 10 out of 10
April 11, 2022
Vetted Review
Verified User
Salt Security API Protection Platform
1 year of experience
Salt provides visibility on our API traffic, allowing us to proactively identify PII, differences in API documentation (swagger files) and real traffic, alerts in situations that indicate a potential attacker allowing us to take countermeasures and suggestions on improvements (missing important HTTP headers, endpoints lacking authorization, etc.). Given the number of endpoints we have and the traffic we have would be really difficult to get these insights without Salt.
  • PII identification in API traffic.
  • Divergence between API traffic and documentation (swagger files).
  • Potential attacks with information to take counter measures.
Cons
  • Reporting - more flexible ways to get information.
  • API documentation in order to interact with the platform.
If you have a large number of API endpoints and a dynamic scenario where teams create and change API endpoints and you want to get visibility on key information to keep your API traffic secure and compliant with privacy regulations.
  • PII identification.
  • Traffic analysis to get insights on improvements and potential attackers.
  • Helped to keep us compliant with most privacy regulations.

Salt Security Review

Rating: 9 out of 10
September 30, 2021
Vetted Review
Verified User
Salt Security API Protection Platform
1 year of experience
We have implemented Salt in our in-house developed applications to identify and protect publicly accessible APIs.
  • Identifies APIs
  • Identifies attacks against the APIs
  • Identifies the type data that is accessible through the APIs
Cons
  • Better correctly identify the data that is accessible through the APIs.
It is great at identifying APIs that are being used within your custom developed applications. Once the APIs are identified, it also identifies all of the endpoints associated with those APIs. For a security team that is separate from the DEV team, this is very helpful.
  • API and endpoint identification
  • Identification of attackers and what they were doing on the API
  • Allowed us to identify attackers and take action on them.
Imperva Web Application Firewall (WAF)
Return to navigation